Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-11-01 CVE-2006-5641 SQL Injection vulnerability in Techno Dreams Announcement MainAnnounce2.ASP
SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter.
network
low complexity
techno-dreams
7.5
7.5
2006-11-01 CVE-2006-5640 SQL Injection vulnerability in Techno Dreams Guestbook Guestbookview.ASP
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
network
low complexity
techno-dreams
7.5
7.5
2006-11-01 CVE-2006-5639 Unspecified vulnerability in Openwbem 3.2
Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication." This vulnerability is addressed in the following product release: OpenWBEM, OpenWBEM, 3.2.2
network
low complexity
openwbem
7.5
7.5
2006-11-01 CVE-2006-5638 SQL Injection vulnerability in PHPmyring 4.2
Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters.
network
low complexity
phpmyring
7.5
7.5
2006-11-01 CVE-2006-5637 Remote File Include vulnerability in FAQ Administrator FAQ Administrator 2.1B
PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter.
network
low complexity
faq-administrator
7.5
7.5
2006-11-01 CVE-2006-5635 SQL Injection vulnerability in Web Wiz Forum Search.ASP
SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter.
network
low complexity
web-wiz-forums
7.5
7.5
2006-10-31 CVE-2006-5630 Remote Security vulnerability in Hosting Controller
Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.
network
low complexity
hosting-controller
7.5
7.5
2006-10-31 CVE-2006-5629 SQL Injection vulnerability in Hosting Controller Hosting Controller
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp.
network
low complexity
hosting-controller CWE-89
7.5
7.5
2006-10-31 CVE-2006-5628 SQL Injection vulnerability in Unisor CMS Login.ASP
SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields.
network
low complexity
unisor-cms
7.5
7.5
2006-10-31 CVE-2006-5627 Remote File Include vulnerability in QnECMS Adminfolderpath Parameter
Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the adminfolderpath parameter to (1) headerscripts.php, (2) footerhome.php, and (3) footermain.php in admin/include/; (4) photogallery/headerscripts.php; and (5) footerhome.php, (6) footermain.php, (7) headermain.php, (8) sitemapfooter.php, and (9) sitemapheader.php in templates/.
network
low complexity
qnecms
7.5
7.5